As healthcare providers increasingly use digital devices such as diagnostic and monitoring systems, ambulance equipment, and surgical robots to improve patient care, the security of those devices is as important as their primary function.
In response, Palo Alto Networks has announced Medical IoT Security, a new comprehensive Zero Trust security solution for medical devices enabling healthcare organisations to deploy and manage new connected technologies quickly and securely.
Zero Trust is a strategic approach to cybersecurity that secures an organisation by eliminating implicit trust by continuously verifying every user and device.
“The proliferation of connected medical devices in the healthcare industry brings a wealth of benefits, but these devices are often not well secured. For example, according to Unit 42, an alarming 75% of smart infusion pumps examined on the networks of hospitals and healthcare organisations had known security gaps,” says Anand Oswal, Senior Vice President of Products, Network Security at Palo Alto Networks.
“This makes security devices an attractive target for cyber attackers, potentially exposing patient data and ultimately putting patients at risk,” he says.
“There is no doubt that medical IoT devices have the ability to improve medical outcomes. However, the decentralised deployment of IoT devices in hospitals and the complexity of hospital environments can make them inherently difficult to secure, leaving our medical facilities vulnerable to a cyber attack,” says Alex Nehmy, Director of Industry 4.0 Strategy at Palo Alto Networks.
“There are so many hospitals that may not even know how many connected devices they have, let alone how secure they are. So, by giving hospitals visibility of their connected devices, with a purpose-built security solution to identify vulnerabilities across the ecosystem, we can protect patient data and ultimately people’s lives.”
While a Zero Trust approach is critical to help protect medical devices against today’s innovative cyberthreats, it can be hard to implement in practice. Through automated device discovery, contextual segmentation, least privilege policy recommendations and one-click enforcement of policies, Palo Alto Networks Medical IoT Security delivers a Zero Trust approach in a seamless, simplified manner. Medical IoT Security also provides best-in-class threat protection through seamless integration with Palo Alto Networks cloud-delivered security services, such as Advanced Threat Prevention and Advanced URL Filtering.
Bob Laliberte, Principal Analyst, ESG, says with thousands of devices to manage, healthcare environments are extremely complex and require intelligent security solutions capable of doing more.
“Palo Alto Networks understands this requirement and is leveraging machine learning (ML) for Medical IoT security,” he says.
“Adding intelligence will enable providers to improve operational efficiency, which will enhance patient and practitioner experience and alleviate the burden of an ongoing IT skills shortage.”
Ed Lee, research director, IoT and Intelligent Edge Security, IDC, says healthcare providers continue to be high-value targets for attackers.
“This reality, combined with the diversity of medical IoT devices and their inherent vulnerabilities, points to a real need for device security that is purpose-built for healthcare use cases,” he says.
“The ability to defend against threats targeting critical care devices while maintaining operational availability and strengthening the alignment of device governance responsibilities between IT and Biomed engineering teams is quickly becoming a necessity for the protection of patient data and lives.”